GSOC Sr. Threat Detection Analyst I – US REMOTE ONLY

Job Detail

  • Job ID 371821

Job Description

Company Description

About us, but we’ll be brief

We are very proud that FORTUNE named us one of The 100 Best Companies to Work For. In addition, for the last five years we’ve been named in the 100 “World’s Most Innovative Companies” by Forbes Magazine.

Central Time Zone working shift hours range between 7:30am and 8:30pm, 4 of 7 days a week.

What you’ll be doing:

The Senior Threat Detection Analyst I is responsible for monitoring the alert stream, conducting the initial assessment and information gathering on security incidents, leveraging various analytical tools, and triaging and escalating security incidents to senior analysts where applicable. These individuals also work closely with a number of cybersecurity teams, technical SMEs, and business unit contacts.

Below is the list of GSOC Senior Threat Detection Analyst I (L1) main tasks:

  • Monitor alerts and investigate incidents using SIEM and UEBA technologies, packet captures, reports, data visualization, and pattern analysis.
  • Analyze, escalate, and assist in remediation of critical information security incidents.
  • Improve and challenge existing processes and procedures in a very agile and fast-moving information security environment.
  • Security analysts should have expert knowledge of:
    • Information security policies and goals
    • Log analysis and event traffic patterns
    • The current IT threat landscape and upcoming trends in security

  • Able to work on a 10×7 shift rotating schedule.
  • Be eyes-on-screen to fulfill operational necessity.
  • Monitor the alert stream, assess each alert for severity based on the defined criteria in playbooks, and respond within SLO requirements. Escalate potential incidents to the next level for further investigation and remediation.
  • Identify and analyze anomalies in network traffic using metadata.
  • Perform follow-up monitoring from the prior shift based on severity.
  • Update playbooks and brief teammates on updates, under the supervision of the lead analyst.
  • Complete training requirements.
  • Ensure SLO standards are met for 90% of incidents worked.
  • Deliver one presentation per quarter on a security topic, or contribute to the information security threat blog.
  • Follow the investigative process for incident escalation and shift turnover with the cross-team US/KL.
  • Develop specialization in one tool.
  • Attend and participate, unless there is a plausible justification, in the GSOC Weekly Meetings.
  • Contribute at least two (2) items to the GSOC Weekly Meeting Lessons Learned per Month.
  • Minimize (less than 5%) CIRT callbacks for cases that do not include all information, and improve case quality.
  • Minimize (less than 5%) negative management feedback for internally analyzed cases.
  • Maximize effort and eliminate wasteful or duplicate efforts with GSOC activities.
  • Provide daily shift briefing and maintain activity shift log of interesting events.
  • Perform analysis on Experian Systems assets and document results, noting attacker profiles.
  • Produce daily, weekly, and monthly reports on security activity and GSOC workload metrics, including tickets opened, events per analyst hour, and open or pending items. Additionally, reporting will be conducted to show top-firing IDS/IPS signatures, top-talking sources and destinations, and various other pre-determined GSOC metrics.
  • Identify the impact of incidents on systems and, using available tools, determine if data was infiltrated.
  • Document and maintain a knowledge base of alarms (false positives and false negatives, blacklists, whitelists) that IDS and IPS encounter.
  • Serve as work area experts for security/information assurance policy recommendations.

  • 2+ years’ experience in the following areas:
    • Demonstrated practical understanding and hands-on knowledge of:
      • TCP/UDP/IP networking, familiarity with packet analysis tools such as Wireshark, and a general understanding of networking and security protocols
      • Network operations or engineering components while assessing and troubleshooting issues
      • System administration on Unix, Linux, or Windows
      • Willingness to acquire in-depth knowledge of network and host security technologies and products (such as firewalls, network IDS, scanners) and continuously improve these skills
      • Security monitoring technologies, such as SIEM, IPS/IDS, UEBA, DLP, among others

Demonstrates behavioral skills, such as:

  • Demonstrated ability to work in a team environment
  • Strong written and verbal communication skills (e.g. experience documenting incidents, technical writing, project documentation, etc.)
  • Excellent analytical and problem-solving abilities
  • Originating action and ideas to improve existing conditions and processes
  • Establishing an action plan for self to complete work efficiently and on time by setting priorities, establishing timelines, and leveraging resources.
  • Demonstrated ability to actively learn and research cybersecurity threats and alerts, identifying new areas for learning; regularly creating and taking advantage of learning opportunities; using newly gained knowledge and skill on the job and learning through their application.
  • Taking full advantage of opportunities to receive and explore feedback about own performance; responding favorably to feedback and using it constructively to take action to improve knowledge, skills, behavior, and impact on others.
  • Well-established client-focused communication skills: the ability to read, review, investigate, and summarize reports on complex issues in a manner that non-technical readers can understand.

Desired Experience:

  • 1+ years of information security related experience, in areas such as security operations, incident analysis, incident handling, vulnerability management or testing, system patching, log analysis, intrusion detection, or security device administration.
  • Relevant technical and industry certifications are a plus, e.g. Security+, GIAC certifications, SIEM vendor-specific certifications.
  • Education: A bachelor’s degree is not required, but a degree program with an emphasis on the technical aspects of cybersecurity is very beneficial.
  • Gather intelligence from sources outside the GSOC, both Experian-internal and external (DIB, US-CERT, etc.), and produce daily threat assessments and intelligence reports.
  • Build relationships with other Experian Systems business units to strengthen security posture throughout the organization.

Additional Information

All your information will be kept confidential according to EEO guidelines.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. Our goal is to create a thriving, inclusive and diverse team where people love their work and love working together. We believe that diversity, equity and inclusion is essential to our purpose of creating a better tomorrow. We value the uniqueness of every individual and want you to bring your whole, authentic self to work. For us, this is The Power of YOU and it reflects what we believe.

Please contact us at [email protected] to request the salary range of this position (please include the exact Job Title as it reads above in your email). In addition to a competitive base salary and variable pay opportunity, Experian offers a comprehensive benefits package including health, life and disability insurance, generous paid time off including 12 company paid holidays and parental and family care leave, an employee stock purchase plan and a 401(k) plan with a company match.

Experian Careers – Creating a better tomorrow together

Our compensation reflects the cost of labor across several U.S. geographic markets. The base pay range for this position is listed above. Within this range, individual pay is determined by work location and additional factors such as job-related skills, experience and education. This position is also eligible for a variable pay opportunity and a comprehensive benefits package which includes health, life and disability insurance, generous paid time off including paid parental and family care leave, an employee stock purchase plan and a 401(k) plan with a company match.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. We’re passionate about unlocking the power of data to transform lives and create opportunities for consumers, businesses, and society. For more than 125 years, we’ve helped people and economies flourish – and we’re not done.

We take our people’s agenda very seriously. We focus on what truly matters: diversity and inclusion, work/life balance, flexible working, development, collaboration, wellness, reward & recognition, volunteering, making an impact… the list goes on.

The power of YOU. We are building a culture where everyone is comfortable bringing their whole self to work. A place where we not only respect our differences and values but celebrate them in a positive and supportive environment.

Find out what it’s like to work for Experian and discover the Unexpected!